What is CVE-2021-39164?

CVE-2021-39164 is a vulnerability in Matrix Synapse versions 1.41.0 and prior that allows unauthorized users to access the membership (list of members) of a room if they know the room ID and the room has shared history enabled.

What is the severity of CVE-2021-39164?

The severity of CVE-2021-39164 is low, with a CVSS severity score of 3.1.

How can unauthorized users access the membership of a vulnerable room in Matrix Synapse?

Unauthorized users can access the membership of a vulnerable room in Matrix Synapse if they know the room ID and the room has shared history enabled.

Which versions of Matrix Synapse are affected by CVE-2021-39164?

Matrix Synapse versions 1.41.0 and prior are affected by CVE-2021-39164.

How can I fix CVE-2021-39164 in Matrix Synapse?

To fix CVE-2021-39164, upgrade to version 1.41.1 or later of Matrix Synapse.

Vulnerability/
CVE-2021-39164

low

3.5

CWE

200 863

31/8/2021

1/9/2021

24/9/2024

CVE-2021-39164: Improper authorisation of /members discloses room membership to non-members

First published: Tue Aug 31 2021(Updated: )

### Impact Unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. ### Patches Server administrators should upgrade to 1.41.1 or later. ### Workarounds Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the following endpoints: * `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter * `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter ### References n/a ### For more information If you have any questions or comments about this advisory, e-mail us at security@matrix.org.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Matrix Synapse	<1.41.1
Fedoraproject Fedora	=34
Fedoraproject Fedora	=35
pip/matrix-synapse	<1.41.1	1.41.1

Remedy

https://github.com/matrix-org/synapse/commit/cb35df940a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-39164?
CVE-2021-39164 is a vulnerability in Matrix Synapse versions 1.41.0 and prior that allows unauthorized users to access the membership (list of members) of a room if they know the room ID and the room has shared history enabled.
What is the severity of CVE-2021-39164?
The severity of CVE-2021-39164 is low, with a CVSS severity score of 3.1.
How can unauthorized users access the membership of a vulnerable room in Matrix Synapse?
Unauthorized users can access the membership of a vulnerable room in Matrix Synapse if they know the room ID and the room has shared history enabled.
Which versions of Matrix Synapse are affected by CVE-2021-39164?
Matrix Synapse versions 1.41.0 and prior are affected by CVE-2021-39164.
How can I fix CVE-2021-39164 in Matrix Synapse?
To fix CVE-2021-39164, upgrade to version 1.41.1 or later of Matrix Synapse.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/remedy
agent/weakness
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-3x4c-pq33-4w3q
alias/CVE-2021-39164
agent/software-canonical-lookup
agent/last-modified-date
agent/references
agent/description
agent/softwarecombine
agent/event
collector/nvd-cve
source/NVD
agent/author
agent/tags
collector/github-advisory
vendor/matrix
canonical/matrix synapse
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34
version/fedoraproject fedora/35
package-manager/pip